A hacker briefly took over Ticketfly’s website, defacing it with a picture of the V for Vendetta character and a claim of responsibility. The hacker also sent Motherboard files of what they say is employee and customer information taken from Ticketfly’s database.

The hackers asked for a single bitcoin as a ransom payment.

But note Ticketfly’s wording here: cyber incident. Not data breach. Last year, I wrote about the dangers of using the words data breach when it really wasn’t, and I think we’ll see more of that now. Calling this a cyber incident was a nice maneuver on Ticketfly’s part, as Netskope CEO Sanjay Beri pointed out in an email comment:

While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim — that he/she managed to access their database via an unpatched vulnerability or misconfiguration — is well within the realm of possibility. Now the real question is, if a breach did occur, did the database include any PII belonging to EU citizens? If the answer is yes, this situation could escalate quickly.

Since Beri made that comment, we have learned a little more about the Ticketfly incident. I guess it is safe to call it a data breach now, as Engadget reported. More than 25 million email addresses linked to personal information and associated with the ticketing site were discovered on Have I Been Pwned, a site where you can check to see if your information was compromised in a breach.

Whether or not this breach meets GDPR compliance remains to be seen. According to articles I’ve seen, the company covered event sales for American establishments, but that doesn’t mean that EU citizens didn’t have their information in that database. Also, did the company meet GDPR standards, if necessary?

It will be a data breach case we’ll want to watch to see if GDPR comes into play and if so, how this will all shake out.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.